<?php if($user->access!=0){ ?>
<?php
if ($user->access != 2){
	$_SESSION['error']="Acces refused";
}
else{
	
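	// Handle the "add server" form. Name and pin are mandatory; the address is optional here.
	// NOTE(review): no anti-CSRF token is checked in the visible code for this state-changing POST - confirm whether the including page does it.
	if (isset($_POST['hidden']) and $_POST['hidden']==='add_server'){
		if (isset($_POST['server_name']) and isset($_POST['server_pin']) and $_POST['server_name']!= "" and $_POST['server_pin']!=""){
			// server_address used to be read without isset(); a request omitting the field raised an
			// undefined-index notice. null is what add_server() received in that case, so it is kept.
			// NOTE(review): all three values reach add_server() exactly as posted; escaping and
			// validation (e.g. of the address scheme) must happen there - confirm.
			add_server(
				$_POST['server_name'],
				isset($_POST['server_address']) ? $_POST['server_address'] : null,
				$_POST['server_pin']
			);
		}
		else{
			$_SESSION['error']="Name or pin missing";
		}
	}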
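	// Handle removal of the servers ticked in the server list.
	// NOTE(review): no anti-CSRF token is checked in the visible code for this destructive POST - confirm.
	if (isset($_POST['hidden']) and $_POST['hidden']==='server_remove'){
		// When no checkbox is ticked the browser sends no server_box field at all; pass null (what
		// remove_server() received before) without triggering the undefined-index notice.
		// NOTE(review): the ids come straight from the request; remove_server() has to treat them as
		// untrusted (cast or bind each one) - confirm.
		remove_server(isset($_POST['server_box']) ? $_POST['server_box'] : null);
	}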

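	// Handle the "add user" form. Login and password are mandatory.
	// NOTE(review): no anti-CSRF token is checked in the visible code for this account-creating POST - confirm.
	if (isset($_POST['hidden']) and $_POST['hidden']==='add_user'){
		if (isset($_POST['user_login']) and isset($_POST['user_password']) and $_POST['user_password']!= "" and $_POST['user_login']!=""){
			// user_access used to be read without isset(); null is what add_user() received when the
			// field was missing, so that value is kept and only the notice goes away.
			// NOTE(review): the access level is not range-checked here, although the edit handler in
			// this file restricts it to 0..2; confirm add_user() validates it and how it stores the password.
			add_user(
				$_POST['user_login'],
				$_POST['user_password'],
				isset($_POST['user_access']) ? $_POST['user_access'] : null
			);
		}
		else{
			$_SESSION['error']="Name or Password missing";
		}
	}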
		
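	// Handle removal of the users ticked in the user list.
	// NOTE(review): no anti-CSRF token is checked in the visible code for this destructive POST - confirm.
	if (isset($_POST['hidden']) and $_POST['hidden']==='user_remove'){
		// When no checkbox is ticked the browser sends no user_box field at all; pass null (what
		// remove_user() received before) without triggering the undefined-index notice.
		// NOTE(review): the ids come straight from the request; remove_user() has to treat them as
		// untrusted (cast or bind each one) - confirm.
		remove_user(isset($_POST['user_box']) ? $_POST['user_box'] : null);
	}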
	
	//si menu de modif user
	if (isset($_GET['modifuser']) and $_GET['modifuser']!= ""){
		//si pseudo a modifier
		//print $_POST['mpseudo'];exit;
		if (isset($_POST['mpseudo']) and $_POST['mpseudo'] != "" ){
			//print "prout";exit;
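			// Apply the posted changes (login, access level, optional new password) to one user row.
			// NOTE(review): no anti-CSRF token is checked in the visible code for this state-changing POST - confirm.
			$level = isset($_POST['maccesslevel']) ? $_POST['maccesslevel'] : '';
			$id = isset($_POST['mid']) ? $_POST['mid'] : '';
			if( !is_string($level) or !ctype_digit($level) or ((int)$level > 2) ){
				// Only 0, 1 or 2 written in plain digits is accepted. The former loose <= / >= test
				// compared the raw text numerically, so non-numeric input also passed the range check.
				$_SESSION['error']="Invalid access";
			}elseif( !is_string($id) or !ctype_digit($id) ){
				// The id is concatenated UNQUOTED into the WHERE clauses below. String escaping gives
				// no protection in that position, so anything that is not all digits is refused.
				$_SESSION['error']="Invalid user id";
			}else{
				$id = (int)$id;
				$level = (int)$level;
				// The login is HTML-encoded before storage, as before, so rows written here stay
				// consistent with the rest of the table.
				// NOTE(review): encoding on input instead of on output is fragile; if this is ever
				// changed, every page that prints the login must start encoding it.
				$login=mysql_real_escape_string(htmlspecialchars($_POST['mpseudo']));
				// NOTE(review): die(mysql_error()) sends the database error text to the browser;
				// consider logging it and showing a generic message instead.
				$sql_query = mysql_query("UPDATE ".DATABASE_TABLE_USER." SET login = '".$login."' WHERE id = ".$id." LIMIT 1")or die(mysql_error());
				$sql_query = mysql_query("UPDATE ".DATABASE_TABLE_USER." SET access = '".$level."' WHERE id = ".$id." LIMIT 1")or die(mysql_error());
				// The password is only touched when a non-empty new one was typed and the confirmation field was sent.
				if( isset($_POST['mpasswd1']) and is_string($_POST['mpasswd1']) and ($_POST['mpasswd1']!=="") and isset($_POST['mpasswd2']) ){
					// Strict comparison: with == two different numeric-looking passwords
					// (for instance "1e3" and "1000") are considered equal.
					if ($_POST['mpasswd1']===$_POST['mpasswd2']){
						$newpasswd = $_POST['mpasswd1'];
						// NOTE(review): unsalted MD5 is not a password hash. It is kept only because
						// the login check (not visible here) presumably compares MD5 digests; move
						// both sides to password_hash()/password_verify() in one change.
						$sql_query = mysql_query("UPDATE ".DATABASE_TABLE_USER." SET passwd = '".md5($newpasswd)."' WHERE id = ".$id." LIMIT 1")or die(mysql_error());
					}else{
						$_SESSION['error']="different password";
					}
				}
				print "<p>Change OK</p>";
			}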
	?>
	
	<?php }else{ ?>
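	<?php
	// Edit form for the account named by ?modifuser=<login>.
	// The login is echoed back into this form's action URL. It is taken from the query string, so it
	// is percent-encoded before being written into the attribute; printed raw it was reflected into
	// the page unescaped. A non-string value (modifuser[]=...) yields an empty parameter.
	$modifuser_param = is_string($_GET['modifuser']) ? rawurlencode($_GET['modifuser']) : '';
	?>
	<div id="modifuser">
		<form action="index.php?page=admin&modifuser=<?php  print $modifuser_param ; ?>" method="post">
		<table>
		<caption>Modif Users</caption>
		<?php
		// Every user row is fetched and compared in PHP; only rows whose login matches are rendered.
		$sql_query=mysql_query("Select login,access,id from ".DATABASE_TABLE_USER." ORDER BY `login` ASC") or die(mysql_error());
		while ($query = mysql_fetch_array($sql_query) ){
			// Strict comparison: with == two different numeric-looking logins (for instance "1e3"
			// and "1000") compare equal, and the form fields of both accounts would be rendered.
			if ($query['login'] === $_GET['modifuser']){
				// NOTE(review): login, access and id are printed exactly as stored. The update handler
				// in this file HTML-encodes the login before writing it; confirm add_user() does the
				// same, otherwise the values must be encoded here.
		?>
			<tr>
				<td>Pseudo</td>
				<td><input type="text" name="mpseudo" value="<?php print $query['login'] ?>" /></td>
			</tr>
			<tr>
				<td>Access Level</td>
				<td><input type="text" name="maccesslevel" value="<?php print $query['access'] ?>" /></td>
			</tr>
			<tr>
				<td>New Password</td>
				<td><input type="password" name="mpasswd1" value="" /></td>
			</tr>
			<tr>
				<td>Retype Password</td>
				<td><input type="password" name="mpasswd2" value="" /></td>
			</tr>
			<tr>
				<td colspan="2" ><input type="hidden" name="mid" value="<?php print $query['id'] ?>" /><input type="submit" value="change" /></td>
			</tr>
		<?php 
			}
		}
	?>
		</table>
		</form>
	</div>	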
	<?php
	}
		 ?>

	<?php	
	}else{
	//sinon afficher page normale
?>
<div id="page_admin">
<div id="gestion_serveur">
	<!-- Gestion des serveurs -->
	<form action="index.php?page=admin" method="post">
		<table>
		<caption>Add server</caption>
		<tr>
		<td> Nom* : <input type="text" name="server_name" /></td>
		<td>code* : <input type="text" name="server_pin" /></td>
		<td>adresse* : <input type="text" name="server_address" />(ex:http://lesprofs.free.fr/client/index.php)</td>
		<td><input type="hidden" name="hidden" value="add_server" /></td>
		<td><input type="submit" value="OK" /></td>
		</tr>
		</table>
	</form>
	<!-- Fin de Gestion des serveurs -->
<?php
// Load every registered server, sorted by name, for the table below.
$sql_query = mysql_query(sprintf("Select id,name,address,pin from %s ORDER BY `name` ASC", DATABASE_TABLE_SERVER)) or die(mysql_error());
?>
	<div id="div_list_server">
	<form action= "index.php?page=admin" method="post">
		<table>
		<caption>List of servers</caption>
			<tr>
				<td class="title" colspan="2">Nom du partage</td>
				<td class="title">Adresse du serveur</td>
				<td class="title">Code pin du serveur</td>
			</tr>
<?php
// $i stays 0 when there is no server row; it decides further down whether the delete button is shown.
// NOTE(review): name, address and pin are printed exactly as stored; confirm add_server() encodes
// them for HTML, otherwise they must be encoded here.
// NOTE(review): the pin cell is white text on a white background, so the value is still present in
// the page source and selectable; this is visual hiding only.
$i = 0;
while ($query = mysql_fetch_array($sql_query)):
	$i = 1;
?>
			
				<tr>
					<td><input type="checkbox" name="server_box[]" value="<?php print $query['id']; ?>"></td>
					<td><?php print $query['name']; ?></td>
					<td><?php print $query['address']; ?></td>
					<td style="color:#FFFFFF" bgcolor="#FFFFFF" onmouseout="this.bgColor='#FFFFFF';" onmouseover="this.bgColor='#DADADA';"><?php print $query['pin']; ?></td>
				</tr>
				
<?php endwhile; ?>
			
		<input type="hidden" name="hidden" value="server_remove">
			
			<?php if ($i == 1): ?>
				<tr>
					<td colspan="4"><input type="submit" value="Supprimer" /></td>
				</tr>
			<?php endif; ?>
			</table>
			</form>
		</div>
	



</div>
<div id="gestion_user">
<!-- Gestion des users -->
	<form action="index.php?page=admin" method="post">
		<table>
		<caption>Add a user</caption>
		<tr>
		<td>login* : <input type="text" name="user_login" /></td>
		<td>password* : <input type="password" name="user_password" /></td>
		<td>access* : <input type="text" name="user_access" />(0:bloked 1:user 2:admin)</td>
		<td><input type="hidden" name="hidden" value="add_user" /></td>
		<td><input type="submit" value="OK" /></td>
		</tr>
		</table>
	</form>
	<!-- Fin de Gestion des users -->
	
		
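	<div id="div_list_server">
		<form action= "index.php?page=admin" method="post">
		<table>
		<caption>List of users</caption>
		<tr>
			<td colspan="2" class="title">Login</td>
			<td class="title">Access</td>
			<td class="title">Last connection</td>
		</tr>
		<?php
			// List every account with a tick box for deletion and a link to its edit form.
			// $i stays 0 when there is no user row; it decides below whether the delete button is shown.
			// NOTE(review): login, access and last_connect are printed exactly as stored. The update
			// handler in this file HTML-encodes the login before writing it; confirm add_user() does
			// the same, otherwise the values must be encoded here.
			$sql_query=mysql_query("Select login,access,last_connect,id from ".DATABASE_TABLE_USER." ORDER BY `login` ASC") or die(mysql_error());
			$i=0;
			while ($query = mysql_fetch_array($sql_query) ){
				$i=1;
				// The login is percent-encoded where it becomes a query-string value. Printed raw, a
				// login containing &, #, a space or a quote produced a link that no longer named the
				// account (or broke out of the href); encoded, PHP decodes it back to the stored text.
		?>
		<tr>
			<td><input type="checkbox" name="user_box[]" value="<?php print $query['id']; ?>"></td>
			<td><a href="index.php?page=admin&modifuser=<?php print rawurlencode($query['login']); ?>" ><?php print $query['login']; ?></a></td>
			<td><?php print $query['access']; ?></td>
			<td><?php echo $query['last_connect']; ?></td>
		</tr>
		<?php } ?>
		<input type="hidden" name="hidden" value="user_remove" />
		<?php 
			if ($i==1){
		?>				
				<tr>
				<td colspan="4"><input type="submit" value="Supprimer" /></td>
				</tr>
			<?php } ?>
		</table>
		</form>
	</div>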


</div>
<div id="div_log">
		<table>
		<caption>Log <a href="" onclick="location.reload;">refresh</a></caption>
		<tr>
		<td class="title">Action</td><td class="title">User</td><td class="title">date</td><td class="title">server</td>
		</tr>
		<?php
		// Show the 15 most recent log entries, newest first.
		// Unlike the other queries on this page, the result is not checked for failure before the loop.
		// NOTE(review): action, user and server are printed exactly as stored; log fields often carry
		// request-derived text, so confirm the code writing the log encodes them for HTML.
		$sql_query = mysql_query(sprintf("Select action,server,user,date from %s ORDER BY `date` DESC LIMIT 0 , 15", DATABASE_TABLE_LOG));
		while ($query = mysql_fetch_array($sql_query)):
		?>
		<tr  bgcolor="#ffffff" onmouseout="this.bgColor='#FFFFFF';" onmouseover="this.bgColor='#DADADA';" >
		<td class="log_action"><?php echo $query['action']; ?></td><td class = "log_user"><?php echo $query['user']; ?></td><td class ="log_date"><?php echo date("d/m/y à G\h i\m", $query['date']); ?></td><td class="log_server"><?php echo $query['server']; ?></td>
		</tr>
		<?php
		endwhile;
		?>
		</table>
</div>
</div>
<?php } ?>
<?php } ?>
<?php } ?>